Security Assessments

Reverse Engineering

Client Applications

Today’s most popular client software applications are chat, instant message, web browsers, audio/video players, and audio/video streaming. We’ve assessed all of these types of applications and many more in both full-access source code audit scenarios as well as black-box reverse engineering.

Include Security uses the latest static analysis tool platforms such as Breakman/Fortify/PMD/IDA Pro to statically analyze source and binaries which identifies common client problems such as buffer overflows, privacy issues/information disclosures, arbitrary file access, insecure local file system access, among others.

In addition to static analysis, dynamic analysis and fuzzing are often employed. We are able to find vulnerabilities in areas that other security consultancies simply cannot by using frameworks such as Peach and Sulley, as well as proprietary application-specific fuzzing frameworks for SUN RPC, SIP, SOAP, ProtoBuf, and other protocols.